Vulnerability in EPiServer.Forms
We are trying to use ADFS for authentication to our EPiServer (9x) instance. Everything seems to work fine as long as we don't pass roles from ADFS. As soon as our Server admin sets ADFS to include "Roles" (webadmins and webeditors) we start getting errors reported on the ADFS login screen.
I feel like I must be doing something entirely wrong here. If I don't pass roles from ADFS, how will anyone, myself included, get into the CMS? If I do pass roles in the claim, is there some special way I need to configure it for EPiServer to work?
You can check out the documentation for federated security here:
It's also possible to get it to work using WIF with some work.
Keep in mind that getting SSO (Single Sign On) to work using ADFS is not the easy part of development.